Reference: Web Interface Administrator Access
You can configure privileges for an entire firewall
or for one or more virtual systems (on platforms that support multiple
virtual systems). Within that Device or Virtual System designation,
you can configure privileges for custom administrator roles, which
are more granular than the fixed privileges associated with a dynamic
administrator role.
Configuring privileges at a granular level ensures that lower
level administrators cannot access certain information. You can
create custom roles for firewall administrators (see
Configure
a Firewall Administrator Account), Panorama administrators,
or Device Group and Template administrators (refer to the
Panorama Administrator’s Guide). You apply
the admin role to a custom role-based administrator account where
you can assign one or more virtual systems. The following topics
describe the privileges you can configure for custom administrator
roles.